Union sues personnel office over hack of employees’ information

The Washington Post

The American Federation of Government Employees (AFGE) filed suit Monday against the Office of Personnel Management (OPM), two of its top officials and an agency contractor over the cyber theft of employees’ personal information.

The lawsuit says OPM Director Katherine Archuleta and Donna Seymour, OPM’s chief information officer “repeatedly failed to comply with federal law and make the changes required by the OIG’s (Office of Inspector General) annual audit reports” on cyber security programs.

Earlier this month, OPM announced that 4.2 million files, including names and Social Security numbers of current and former federal employees, had been hacked. Another breach involved the records of employees and contractors seeking security clearances. OPM has not announced the number of individuals whose information was stolen in that attack.

Keypoint Government Solutions is a private company OPM uses to perform background investigations of security clearance candidates. AFGE named the company as a defendant because it was the target of a cyber attack in December and “Archuleta and the OPM identified the misuse of a KeyPoint user credential as the source of the breach” the agency currently is investigating, says the class action lawsuit filed in federal district court.

“The combination of KeyPoint’s cyber security weaknesses and the OPM’s cyber security failures caused the massive scope of the OPM Breach,” according to AFGE.

AFGE requested a jury trial. It also asked the court to award “appropriate relief, including actual and statutory damages,” but did not ask for a specific dollar amount.